Microsoft warns of serious IE exploit discovery

[Alcyon]

Quote:

A very critical security vulnerability has been discovered without a fix for it yet. The exploit can hijack a computer remotely if the victim simply visits a compromised web site. The attack allows hackers to exploit a hole into the victims computer through Microsoft's Video ActiveX Control.

The "zero day" vulnerability affects only Internet Explorer users via compromised web sites through part of its software used to play videos. The exploit can only attack users running Windows XP and Windows Server 2003 using the msvidctl.dll file that hosts this ActiveX Control. Microsoft recommends removing support for this ActiveX Control within Internet Explorer.

A patch for the exploit could take months to ready, so for now a temporary work around has been posted on Microsoft's support web site under the "Fix it" feature. Users can enable or disable the work around through Microsoft's web site.

Microsoft warns Windows XP and Windows Server 2003 users to enable the temporary workaround for now and also advises Windows Vista and Windows Server 2008 users to take these steps as a precaution. Internet Explorer 6 and 7 users are at risk but not Internet Explorer 8 users.

http://www.neowin.net/news/main/09/0...oit-discovered

[ronjor]

Posted here. Thanks. http://www.wilderssecurity.com/showthread.php?t=247177 and here. http://www.wilderssecurity.com/showthread.php?t=247170